Fix: Add security note about JWT and passwords in shell history (#6011)

Co-authored-by: Alan Dooley <[email protected]>
nginxinc · Jul 15, 2024 · aef49fe · aef49fe
1 parent c185433
commit aef49fe
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/docs/content/includes/installation/jwt-password-note.md b/docs/content/includes/installation/jwt-password-note.md
@@ -0,0 +1,11 @@
+---
+docs: 
+---
+
+{{< note >}} For security, follow these practices with JSON Web Tokens (JWTs), passwords, and shell history:
+
+1. **JWTs:** JWTs are sensitive information. Store them securely. Delete them after use to prevent unauthorized access.
+
+1. **Shell history:** Commands that include JWTs or passwords are recorded in the history of your shell, in plain text. Clear your shell history after running such commands. For example, if you use bash, you can delete commands in your `~/.bash_history` file. Alternatively, you can run the `history -c` command to erase your shell history.
+
+Follow these practices to help ensure the security of your system and data. {{< /note >}}
diff --git a/docs/content/installation/nic-images/using-the-jwt-token-docker-secret.md b/docs/content/installation/nic-images/using-the-jwt-token-docker-secret.md
@@ -61,6 +61,8 @@ You will need the following information from [MyF5](https://my.f5.com) for these
 
 1. You can now use the newly created Kubernetes secret in Helm and manifest deployments.
 
+{{< include "installation/jwt-password-note.md" >}}
+
 ---
 
 ## Manifest Deployment
@@ -198,3 +200,5 @@ docker login private-registry.nginx.com --username=<output_of_jwt_token> --passw
 
 Replace the contents of `<output_of_jwt_token>` with the contents of the JWT token itself.
 Once you have successfully pulled the image, you can then tag it as needed.
+
+{{< include "installation/jwt-password-note.md" >}}